Write your password on a piece of paper and stick it to your forehead? Probably no. However, connecting to a public Wi-Fi network is almost as stupid.
However, you may not have a choice if you are on the road and want to stay connected. A VPN can protect you, but each device must connect separately unless you’re using an intermediate router.
Not to have on hand? Don’t worry, you can build one with a Raspberry Pi. This is the perfect choice for a DIY router, so let’s take a look at how to build one.
What you need
To get started building your Raspberry Pi VPN Travel Router, you will need:
- Raspberry Pi (Pi 3 or Raspberry Pi Zero W preferred) with case
- One USB Wi-Fi adapter (two if you’re using an older Raspberry Pi)
- microSD card with at least 8 GB of storage
- SD card reader
- Quality power supply
- PC with SSH client installed
- VPN subscription with OpenVPN support
It is possible to use Pi models without built-in Wi-Fi, but you will need two USB Wi-Fi adapters or one capable of both managed/access point and client mode.
Instead of a standard Linux distribution, you need to install OpenWRT on an SD card to turn it into a full router. You can use a different Linux distribution if you like, but OpenWRT provides a handy web interface to set up when you’re away from home.
Step 1: Install OpenWRT
First, download the OpenWRT firmware for your Raspberry Pi model. You can find the latest images on the OpenWRT wiki.
Unzip the downloaded file with 7zip or other suitable file zip manager, then transfer the IMG file to the card using Etcher .
This tool should automatically detect your SD card; you just need to select the image file, select the correct drive letter by letter, and then click flash.
After that, place the microSD card back into the Raspberry Pi and let it boot up.
Step 2: Initial setup
Instead of handling the configuration using LuCI, the OpenWRT web interface, you will do it manually to make sure the configuration is set up correctly. Download PuTTY or your SSH client and first connect to 192.168.1.1 using username root.
You will receive an initial security warning the first time you connect; just click Yes and go on. It is recommended that you set a password at this point; Do this by typing
passwd in the terminal window.
Configuring network and firewall settings
You need to edit two files −
/etc/config/firewall before you can proceed. Start by typing the following to edit the file:
Then press I to edit the text and add the following:
config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config interface 'lan' option type 'bridge' option ifname 'eth0' option force_link '1' option proto 'static' option ipaddr '192.168.38.1' option netmask '255.255.255.0' option ip6assign '60' config interface 'wwan' option proto 'dhcp' option peerdns '0' option dns '18.104.22.168 22.214.171.124' ## Google DNS servers config interface 'vpnclient' option ifname 'tun0' option proto 'none'
Once you’re done, click Esc key and type
:wq to save and exit. Then turn your attention to the firewall configuration file:
Click I to edit, then find (or add) a zone for the WAN partition, which should look like this:
config zone option name wan option network 'wan wan6 wwan' option input ACCEPT option output ACCEPT option forward REJECT option masq 1 option mtu_fix 1
Type of reboot and wait for the Raspberry Pi to reboot with the new IP address: 192.168.38.1 .
Step 3: Update and Install Packages
Next, you need to update OpenWRT. To do this, you’ll borrow the Pi’s internal Wi-Fi and initially set it up to connect to an existing Wi-Fi network. You may need to change the static IP address to 192.168.38.2 or similar address in this range to allow the connection.